User & Entity Behavior Analytics (UEBA)

  • Weaponized AI and the New Frontline of Cyberthreat Defense

    AI is no longer just a tool for defenders. It’s an existential threat vector—a force multiplier for adversaries that’s already reshaping the threat landscape and the economics of cybercrime. Weaponized AI doesn’t just scale attacks—it rewrites the rules of engagement. Organizations must rethink their cyber defense strategies to counter AI-augmented threats with speed, adaptability, and precision.

    Topics include:

    • How AI accelerates every phase of the attack lifecycle
    • Why detection and response models fail at machine speed
    • What defenders must do to outpace AI-augmented threats
    • How to build adaptive defenses for synthetic threats

    Join us and gain a clear view of how AI is reshaping attacks—and how to evolve your defenses to keep up.
  • Your SOC Has a Retention Problem. Your Tooling Might Be the Cause.

    Seventy percent of SOC analysts with five years or less of experience leave within three years. The typical explanation is burnout from an overwhelming threat landscape. The less comfortable explanation is that the tools meant to help analysts are making their jobs worse. Fragmented workflows, constant context-switching across disconnected platforms, and thousands of daily alerts with no actionable context are turning what should be a high-impact career into a repetitive grind. When analysts spend more time wrangling dashboards than investigating threats, the best ones leave.

    The retention problem is not just a staffing issue. It is an operational risk. Every departure takes institutional knowledge with it, increases the load on remaining team members, and widens the window for missed detections. Organizations that want to keep experienced analysts need to redesign how SOC work gets done, starting with how detection, investigation, automation, and analyst experience are delivered across the stack.

    Addressing this challenge requires coordination across SIEM, XDR, SOAR, MDR, and security analytics platforms to reduce friction, improve context, and make investigations more actionable.

    Topics include:

    • How fragmented tooling and manual workflows contribute to analyst turnover
    • Reducing cognitive load through unified investigation and automated triage
    • Building a SOC environment that retains talent by making the work sustainable

    Join us to explore how rethinking SOC tooling and workflows can address the retention crisis at its source.


  • AI in the SOC: Separating the Tools That Actually Work From the Ones That Add More Noise

    Every security vendor now claims AI capabilities. For SOC teams already processing thousands of alerts per day, the promise is appealing: automated triage, intelligent prioritization, faster investigations. The reality is more complicated. Poorly implemented AI can generate its own layer of noise, create false confidence in automated decisions, and introduce opaque reasoning that analysts cannot validate or trust.

    The SOC teams seeing real results from AI are the ones asking the right questions before deploying it. They are auditing data quality first, defining what “automated” should and should not mean for their environment, and measuring whether AI is reducing time-to-resolution or just shifting where analysts spend their time.

    Getting this right requires alignment across detection, triage, investigation, and automation layers of the SOC – from SIEM and XDR to SOAR, MDR, and AI-driven analytics platforms.

    Topics include:

    • Evaluating AI-driven SOC tools based on measurable outcomes, not vendor claims
    • Addressing data quality and pipeline readiness before deploying AI-powered detection
    • Defining the right division of labor between automated triage and human investigation

    Join us for an honest look at where AI is delivering real value in security operations and where it is falling short.


  • Living-Off-the-Land Attacks Dwell for Months. Here’s Why Your Detection Stack Keeps Missing Them.

    Living-off-the-land (LOTL) attacks do not drop malware, install backdoors, or trigger signature-based detections. They use the tools already present in your environment: PowerShell, WMI, legitimate remote administration utilities, and valid credentials. Nation-state groups and sophisticated criminal operators favor this approach because it blends seamlessly with normal administrative activity. Some LOTL intrusions dwell for months or even years before discovery.

    Most detection stacks were built to find things that should not be there. LOTL attacks invert the problem by using things that should be there. As a result, organizations are being forced to rethink how detection, identity, and behavioral signals work together across the stack to distinguish legitimate activity from attacker behavior.

    Addressing LOTL techniques requires coordination across endpoint, network, identity, and behavioral analytics capabilities – from EDR and XDR to ITDR, NDR, UEBA, and deception technologies.

    Topics include:

    • How LOTL attackers exploit native tools and legitimate credentials to evade detection
    • Why signature-based and file-based detection strategies fail against fileless techniques
    • Building a detection posture around behavioral analysis, credential monitoring, and assumed compromise

    Discover how to close the detection gaps that LOTL attackers are counting on and build defenses designed for threats that look like normal operations.
